VDB
CVE-2020-15304
CVE-2020-15304
PUBLISHED
CVSS 2.0999999046325684 LOW
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
EPSS 0.12% · 30.3th percentile
Risk Scores
CVSS 2.0
2.0999999046325684
EPSS Score
0.12%
30.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| openexr | openexr | 0 |
| fedoraproject | fedora | 31, 32 |
| opensuse | leap | 15.1, 15.2 |
Exploit Intelligence
- https://github.com/AcademySoftwareFoundation/openexr/pull/727 (circl)
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 (circl)
- https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md (circl)
- https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md (circl)
- FEDORA-2020-8394f7fd12 (circl)
- FEDORA-2020-a9a0f8f6cd (circl)
- openSUSE-SU-2020:0970 (circl)
- openSUSE-SU-2020:1015 (circl)
- GLSA-202107-27 (circl)
Timeline
- Jun 26, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Jul 11, 2021 CVE Updated
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- https://github.com/AcademySoftwareFoundation/openexr/pull/727 url
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 url
- https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md url
- https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md url
- FEDORA-2020-8394f7fd12 vendor-advisory
- FEDORA-2020-a9a0f8f6cd vendor-advisory
- openSUSE-SU-2020:0970 vendor-advisory
- openSUSE-SU-2020:1015 vendor-advisory
- GLSA-202107-27 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-15304 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT url